All of lore.kernel.org
 help / color / mirror / Atom feed
From: marek.vasut.n900@gmail.com (Marek Vasut)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] MAX1111: Fix race condition causing NULL pointer exception
Date: Wed, 18 May 2011 19:36:54 +0200	[thread overview]
Message-ID: <1305740214.1526.2.camel@konomi> (raw)
In-Reply-To: <20110518152935.GJ5913@n2100.arm.linux.org.uk>

> On Wed, May 18, 2011 at 05:18:38PM +0200, Pavel Herrmann wrote:
> > spi_sync call uses its spi_message parameter to keep completion
> > information, having this structure static is not thread-safe,
> > potentially causing one thread having pointers to memory on or above
> > other threads stack. use per-call spi_message on stack to fix this
> 
> I assume this has not been tested with DMA debugging enabled.
> 
> The DMA API does not like mapping memory from the stack, which is what
> you're potentially doing with this:

Yikes, good catch, but kmallocing this and kfreeing it again is not something I'd like to see either.

What other options do you suggest?

Btw note, this isn't the only driver doing this, maybe we have a horde of patches on the way?

> 
> > +??? uint8_t rx_buf[2] = {0, 0};
> > +??? uint8_t tx_buf = (channel << MAX1111_CTRL_SEL_SH) |
> > +??? ??? ??? MAX1111_CTRL_PD0 | MAX1111_CTRL_PD1 |
> > +??? ??? ??? MAX1111_CTRL_SGL | MAX1111_CTRL_UNI |
> > +??? ??? ??? MAX1111_CTRL_STR;
> > +
> > +??? spi_message_init(&m);
> > +??? memset(t, 0, sizeof(t));
> > +
> > +??? t[0].tx_buf = &tx_buf;
> > +??? t[0].len = 1;
> > +??? spi_message_add_tail(&t[0], &m);
> > +
> > +??? t[1].rx_buf = rx_buf;
> > +??? t[1].len = 2;
> > +??? spi_message_add_tail(&t[1], &m);
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  reply	other threads:[~2011-05-18 17:36 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-05-18 15:18 Pavel Herrmann
2011-05-18 15:29 ` Eric Miao
2011-05-18 15:29 ` Russell King - ARM Linux
2011-05-18 17:36   ` Marek Vasut [this message]
2011-05-18 22:47     ` Russell King - ARM Linux
2011-05-19 12:35   ` Pavel Machek
2011-05-19 12:51     ` Pavel Herrmann
2011-05-19 13:55       ` Marek Vasut
2011-05-19 19:31       ` Russell King - ARM Linux
2011-05-19 22:13         ` Pavel Herrmann
2011-05-20 21:20           ` Russell King - ARM Linux
2011-05-21 20:28           ` Pavel Machek
2011-05-21 20:45             ` Pavel Herrmann
2011-05-22 15:52               ` Marek Vasut
2011-05-18 21:47 ` Cyril Hrubis
2011-06-30 12:36   ` Marek Vasut

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1305740214.1526.2.camel@konomi \
    --to=marek.vasut.n900@gmail.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --subject='Re: [PATCH] MAX1111: Fix race condition causing NULL pointer exception' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.